Skip to main content

LPIC 2 - SSH Test

SSH Practice Exam Questions

Exam questions and answers explained for the following topics: 

  1. Standard SSH Authentication
  2. What Is SSH Key-Based Authentication?
  3. Implementation Steps Implementing key-based authentication
  4. Generate a Key Pair
    • A public/private key pair is a mathematically related set of keys that can uniquely identify a user or computer 
  5. Copy Public Key
    • The ssh-copy-id command copies the user's public key to the remote server 
  6. Enforce Key-Based Authentication
    • Key-based authentication for SSH certainly improves your organization's security posture. To enforce this method, update the /etc/ssh/sshd_config file on the remote servers to require key-based authentication and refuse password-based connection attempts.
Inspired from this CompTIA Blog:
https://www.comptia.org/blog/3-steps-to-implement-ssh-key-based-authentication
 

Which of the following is a standard SSH authentication method?

a) PAM 

b) LDAP 

c) Kerberos 

d) Password

Explaination:
The standard SSH authentication method is password-based authentication, where a user enters their username and password to log in.

Answer: d) Password 


What is SSH key-based authentication?

a) A method of authentication that uses a username and password

b) A method of authentication that uses a public/private key pair 

c) A method of authentication that uses biometrics 

d) A method of authentication that uses a security token

Explanation: 
SSH key-based authentication is a method of authentication that uses a public/private key pair. The user generates a key pair, keeps the private key secret, and distributes the public key to the remote server. When the user attempts to log in, the server verifies that the user has the private key that corresponds to the public key on the server.

Answer: b) A method of authentication that uses a public/private key pair 


What are the implementation steps for implementing key-based authentication?

a) Generate a key pair, copy the public key to the remote server, and configure the remote server to require key-based authentication 

b) Install the openssh package, generate a key pair, and configure the local client to use key-based authentication 

c) Update the /etc/ssh/sshd_config file on the remote server to require key-based authentication, generate a key pair, and copy the public key to the remote server 

d) Update the /etc/ssh/ssh_config file on the local client to use key-based authentication, generate a key pair, and copy the public key to the remote server

Explanation: 
The implementation steps for implementing key-based authentication are to generate a key pair, copy the public key to the remote server, and configure the remote server to require key-based authentication.

Answer: a) Generate a key pair, copy the public key to the remote server, and configure the remote server to require key-based authentication


What is a public/private key pair in SSH?

a) A set of keys that can uniquely identify a user or computer

b) A set of keys that can be used to encrypt and decrypt messages 

c) A set of keys that can be used for digital signatures 

d) A set of keys that can be used to establish secure connections

Explanation: 
In SSH, a public/private key pair is a set of keys that can uniquely identify a user or computer. The public key is distributed to the remote server, and the private key is kept secret.

Answer: a) A set of keys that can uniquely identify a user or computer


What does the ssh-copy-id command do?

a) Copies the private key to the remote server 

b) Copies the public key to the remote server 

c) Copies the public key from the remote server to the local client 

d) Copies the private key from the remote server to the local client

Explanation: 
The ssh-copy-id command copies the user's public key to the remote server.

Answer: b) Copies the public key to the remote server


How can key-based authentication be enforced in SSH? 

a) By updating the /etc/ssh/sshd_config file on the remote server to require password-based authentication and refuse key-based authentication attempts

b) By updating the /etc/ssh/sshd_config file on the remote server to require key-based authentication and refuse password-based authentication attempts 

c) By updating the /etc/ssh/ssh_config file on the local client to use key-based authentication 

d) By updating the /etc/pam.d/sshd file on the remote server to use key-based authentication

Explanation: 
To enforce key-based authentication in SSH, the /etc/ssh/sshd_config file on the remote server should be updated to require key-based authentication and refuse password-based authentication attempts. This can be done by setting the "PasswordAuthentication" option to "no" and the "PubkeyAuthentication" option to "yes". This ensures that users can only log in with a key pair and not with a password.

Answer: b) By updating the /etc/ssh/sshd_config file on the remote server to require key-based authentication and refuse password-based authentication attempts 


Which of the following is a disadvantage of key-based authentication in SSH? 

a) It is less secure than password-based authentication 

b) It requires additional software to be installed on the client and server 

c) It can be difficult to manage key pairs for a large number of users or servers 

d) It does not work with multi-factor authentication

Explanation: 
One disadvantage of key-based authentication in SSH is that it can be difficult to manage key pairs for a large number of users or servers. Each user needs to generate a key pair and distribute the public key to the remote server, which can become cumbersome for a large number of users or servers.

Answer: c) It can be difficult to manage key pairs for a large number of users or servers  

 

Which command can be used to generate an SSH key pair? 

a) ssh-keygen 

b) ssh-copy-id 

c) ssh-add 

d) ssh-agent

Explanation: 
The ssh-keygen command can be used to generate an SSH key pair.

Answer: a) ssh-keygen 


What is the default location for the SSH configuration files on a Linux system? 

a) /etc/ssh/ 

b) /usr/bin/ssh/ 

c) /home/username/.ssh/ 

d) /var/log/ssh/

Explanation: 
The default location for the SSH configuration files on a Linux system is /etc/ssh/.

Answer: a) /etc/ssh/ 


Which of the following options in the sshd_config file can be used to specify the location of the authorized keys file? 

a) AuthorizedKeysFile 

b) PubkeyAuthentication 

c) PasswordAuthentication 

d) ChallengeResponseAuthentication

Explanation: 
The AuthorizedKeysFile option in the sshd_config file can be used to specify the location of the authorized keys file. By default, this file is located in the user's home directory under the .ssh/ directory, but it can be changed using this option.

Answer: a) AuthorizedKeysFile 


What command can be used to copy a public key to a remote server? 

a) ssh-keygen

b) ssh-copy-id 

c) scp 

d) ssh-agent

Explanation: 
The ssh-copy-id command can be used to cWhichopy a public key to a remote server. This command will append the user's public key to the authorized_keys file on the remote server, allowing the user to log in using their private key.

Answer: b) ssh-copy-id 


Which of the following options in the sshd_config file can be used to disable password-based authentication? 

a) PubkeyAuthentication 

b) PasswordAuthentication 

c) ChallengeResponseAuthentication 

d) UsePAM

Explanation: 
The PasswordAuthentication option in the sshd_config file can be used to disable password-based authentication. Setting this option to "no" will prevent users from logging in with a password and require them to use a key pair instead.

Answer: b) PasswordAuthentication 


What is the purpose of a passphrase when creating an SSH key pair? 

a) To encrypt the private key 

b) To authenticate the user 

c) To encrypt the public key 

d) To encrypt the SSH session

Explanation: 
When creating an SSH key pair, a passphrase can be used to encrypt the private key. This adds an additional layer of security to the key pair by requiring a passphrase to be entered before the private key can be used.

Answer: a) To encrypt the private key 


Which of the following options in the sshd_config file can be used to specify the allowed authentication methods? 

a) AllowedAuthentications 

b) AuthenticationMethods 

c) AllowedMethods 

d) AuthMethods

Explanation: 
The AuthenticationMethods option in the sshd_config file can be used to specify the allowed authentication methods. This option can be used to restrict the authentication methods that are allowed for SSH connections, such as key-based authentication or password-based authentication.

 Answer: b) AuthenticationMethods 


What is the purpose of the ssh-agent program? 

a) To manage SSH key pairs 

b) To encrypt SSH traffic 

c) To authenticate SSH connections 

d) To manage SSH configuration files

Explanation: 
The ssh-agent program is used to manage SSH key pairs. It is a program that runs in the background and stores decrypted private keys in memory so that they can be used by SSH clients without the need to enter a passphrase each time. This makes it easier to use SSH key pairs for authentication.

Answer: a) To manage SSH key pairs 

Labels: